Vulnerable Items Reopened In ServiceNowIssue Vulnerable item records have reopened in ServiceNow. The VIT's closed date is after the last_found date of the detection, so the expectation is for these VIT records to remain closed. For the most current information, see Vulnerability Response vulnerable item detections from third-party integrations and Remediation task and vulnerable item states.CauseAfter verifying the data on the cloned instance, we can conclude that the VITs are reopened because a new detection is found matching the closed VIT, having the same vulnerability on the configuration item. The previous detection was found as remediated by the scanner, thus moving it to the closed/fixed state. The vulnerability was then found again in a later scan. As per the script include "DetectionBase", method "_shouldReOpenVI()", if the VI was earlier Closed with substate Fixed, Stale, or CI Decommissioned, then it will be re-opened and the detection will be mapped to the existing VI.ResolutionThis is working as expected for the sample records provided.